class Api::V1::UsersController < Api::V1::BaseController
  before_action :authenticate_user!, only: [:update]

  def show
    @user = User.find(params[:id])
    api_success({:data => @user})
    # render :json => @user.to_json
  end

  def update
    @user = User.find(params[:id])
    # if UserPolicy.new(current_user, @user).update?
    #   @user.update(update_params)
    #   api_success(msg: '操作成功')
    # else
    #   api_error(status: 403, msg: '认证失败')
    # end
    authorize @user, :update?

    begin
      @user.update(update_params)
      api_success(msg: '操作成功')
      # raise 抛出去后会被rescue捕获
      # raise "更新用户信息发生异常"
    rescue Exception => e
      api_error(status: 403, msg: '认证失败:' + e.message)
    end

  end

  private
  def update_params
    params.require(:user).permit(:name)
  end
end
